Assistant Vice President, Internal Audit (Information Security)

Job information:

• Functional title - Internal Audit (Information Security)
• Department - Internal Audit
• Corporate level - Assistant Vice President
• Report to - Director - Internal Audit - Information Security
• Location - London

 What you will be doing:

Stakeholder Management / Strategic: (15%)

• Develop and maintain working relationships with peers across the organization.
• To monitor strategic developments within CLS to highlight any unidentified risks or potential control issues.
• Perform continuous monitoring of the business through frequent stakeholder engagement, under the direction of the director, to identify emerging risks and issues and report to audit management.
• Identify areas for improvement within Internal Audit and play a leading role on department improvement initiatives.
• Support and provide input into the Internal Audit risk assessment process to inform the Audit Plan. 

Audit Execution and Management: (80%)

• Execution of planning and testing for complex technology, information security audits and high-level reviews, including designing test strategies, audit test papers and drafting of audit findings.
• Validation to confirm management’s remediation of audit and regulatory issues.
• Management and tracking of businesses remediation activities.
• Actively contributing to the ongoing improvement of audit practices and methodology.

Professional Development (5%)

• Proactively maintain knowledge, skills, and disciplines, with on-going professional development.
• Identify and share useful learning opportunities for other Internal Audit team members.
• Maintain the professional standard of the Internal Audit function and work within its agreed Terms of Reference and IIA standards/guidelines, Charter, and Mandate.
• Demonstrate adaptability to ensure that the audit focus is maintained on key issues, under the guidance of audit senior management.

What we’re looking for:

• Experience working within Internal Audit in a financial services environment (ideally banking) and audit experience across a range of different information technology in a financial institution.
• Ability to provide technical subject matter expertise during integrated audits.
• Strong analytical skills.
• Experience of dealing with all levels of management.
• Excellent communication skills, both written and verbal.
• Experience and understanding of regulatory requirements, e.g., FRBNY, FCA.
• Strong IT security and technical knowledge with approximately 8 years of experience within the industry.
• Working experience with common security/technology risk frameworks, for instance, ISO 27000, NIST, CIS Critical Security Controls, COBIT, and IIA GTAGs.
• Working experience with regulatory standards / requirements (US, UK) i.e., GDPR, BCBS 239, FFIEC 101, 3402, CHAP.
• Working experience and/or knowledge of Security domains including Access management, Threat management, Incident response and recovery, Data protection, Vulnerability management, Monitoring and logging, Physical security, and Security risk management and governance.
• Working experience and/or knowledge of cloud, block chain, high volume transaction systems.
• Working experience and/or knowledge of application controls, input/output, configuration, application controls.
• Working experience and/or knowledge middleware, networks, operating systems, databases (Unix, Windows, AIX, DB2, Citrix).
• Working experience and/or knowledge of data analytics/ predictive analytics, data governance.

Professional qualifications / certifications

• Degree level education (desirable) - Bachelor’s degree in Computer Science, Computer Engineering, Information Technology or related field of study preferred
• Audit Certifications (desirable) – CIA, CISA
• Security Certifications (desirable) - CISSP, CISM, CompTIA, SANS